request #42221 golang.org/x/net bump to 0.37.0

Infos

Artifact ID#42221

Submitted byMartin GOYOT (goyotm)

Last Modified On2025-03-13 16:49

Submitted on2025-03-13 16:04

Rank43889

Details

Summary *

golang.org/x/net bump to 0.37.0

Original Submission

Fixes CVE-2025-22870. See https://pkg.go.dev/vuln/GO-2025-3503

golang.org/x/net/proxy is used in:

pre-receive-tuleap-git-repo-validation
vault-tuleap-plugin

golang.org/x/net/http/httpproxy is used in:

tuleap-smokescreen

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toMartin GOYOT (goyotm)

StatusClosed

Close date2025-03-13

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #41092	Tuleap	Releases	16.6	Under development	2025-03-04 11:52	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #42221

Git commit

tuleap/tuleap/stable

chore: request #42221 golang.org/x/net bump to 0.37.0 d12d393654

Martin GOYOT (goyotm) , 2025-03-13 16:10

Merge commit 'refs/changes/87/33787/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 8b8fff46ec

Joris MASSON (jmasson) , 2025-03-13 16:47

Show items referenced by request #42221

Referenced by request #42221

Artifact Tracker v5

rel #41092 16.6

Git commit

tuleap/tuleap/stable

chore: request #42221 golang.org/x/net bump to 0.37.0 d12d393654

Martin GOYOT (goyotm) , 2025-03-13 16:10

Other

gerrit #33787

Follow-ups

Joris MASSON (jmasson)

2025-03-13 16:49

Connected artifacts
- Added Fixed in: rel #41092

Tracker Workflow Manager (forge__tracker_workflow_manager)

2025-03-13 16:48

Closed by @goyotm with git #tuleap/stable/d12d393654d0bb53f7fe683dbc32386130c38ab7.

Status changed from Under review to Closed
Close date set to 2025-03-13

Thomas Gerbet (tgerbet)

2025-03-13 16:12

Category changed from Dev tools to Other

Thomas Gerbet (tgerbet)

2025-03-13 16:12

No security impact, impacted code is only called in Smokescreen for which we never set proxy patterns.

Reported in version set to All

Martin GOYOT (goyotm)

2025-03-13 16:09

see gerrit #33787

Public

Artifact links

Releases

Fixed in

Reverse artifact links

Referencing request #42221

Git commit

tuleap/tuleap/stable

Referenced by request #42221

Artifact Tracker v5

Git commit

tuleap/tuleap/stable

Other

Follow-ups